DOD eyes more teams to counter cyberthreats

The Defense Department is establishing a network defense that includes creating Computer Emergency Response Teams for every service, agency and regional commander in chief. Computer Emergency Response Teams (CERTs) monitor networks and sound the alarm on cyberthreats.

The policy to develop a department-wide network defense came after the Pentagon determined that not all networks are sufficiently protected and not all organizations take the same approach, said Linton Wells, acting Pentagon chief information officer, in written testimony delivered May 17 to Congress.

"Among components, there was significant variability in philosophy and approach, organizational and functional construct, and capability. [Computer network defense] capabilities were not extended to all networks and were unevenly applied where [they were] available," Wells said.

"The assessment also concluded that the current independent, "bottom up' construct had reached its potential, would soon be overcome by rapidly growing component demand and would not scale to support the emerging requirement for a unified Defense-wide capability," Wells added.

Pentagon spokeswoman Susan Han-sen said the policy stems from recent instructions and directives that "establish the guidance that in the hierarchy of the computer defense structure of the Defense Department, except where clearly impractical, components of [DOD] must establish a computer network defense capability — or use a co-located capability."

The policy mandates how the services, agencies and regional commanders in chief should defend their networks. Some officials, such as Army Col. Larry Huffman, director of the Defense Information Systems Agency's Global Network Operations and Security Center, hail the policy as necessary to network security.

The creation of additional CERTs is among the many recommendations included in a March Pentagon report titled "Protecting the Homeland: Report of the Defense Science Board Task Force on Defensive Information Operations." The cost of building additional CERT centers where needed, along with implementing several of the board's other recommendations, would cost up to $70 million, according to the report.

CERTs have their critics, who point out that DOD already has several such teams, which often all distribute the same cyber alerts, and their warnings tend to lag behind information posted on hacker Web sites. "I wouldn't dispute that," one military source said.

Fred Villella, president of New Dimensions International, a network security firm, said the once-necessary teams are now "archaic."

In fact, shortly after taking office, former Defense CIO Art Money said he was reviewing the growing number of CERTs to see if some might be cut in an effort to eliminate redundancy and save money. Little change has resulted from that effort.